oh-my-lilys
Fail
Audited by Snyk on Mar 4, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt instructs use of "lilys auth " (manual token passed on the command line) and auto-extraction of browser tokens, both of which require the agent to handle or include secret values verbatim and thus present a high exfiltration risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly documents a "summarize " command (examples like "lilys summarize https://youtube.com/watch?v=abc123") that fetches and ingests content from open public sources (YouTube, websites, PDFs, audio), meaning untrusted third‑party content is read and used to generate reports that can influence agent actions.